Security researchers have discovered two flaws in the Apple chips that power many recent Mac, iPhone and iPad models. While it acknowledges the problem, Apple believes that there is no immediate danger.

Contrary to what a persistent urban legend suggests, Apple products are not impregnable fortresses. Even though Apple attaches great importance to security, its products are not immune to flaws and vulnerabilities, like all electronic devices that combine processors and software. A recent alert from security researchers is a reminder of this. And it is all the more striking because it concerns all recent products of the brand, from Macs to iPhones and iPads. Enough to worry the many users who believed themselves sheltered from any threat.

Researchers from the Georgia Institute of Technology have discovered two critical security flaws in some Apple processors, which they have nicknamed SLAP and FLOP and which expose many devices to data theft. These vulnerabilities affect the M2, M3, A15, A16 and A17 chips, and more precisely a key mechanism that was originally intended to improve performance but now turns out to be a gateway for potentially devastating attacks.

SLAP and FLOP flaws: a risk of data theft

Since the introduction of Apple Silicon processors, the Cupertino firm has worked to improve the efficiency of its chips through a technique called speculative execution. Similar to what is found on Intel and AMD chips, this predictive mechanism lets the processor run ahead on certain instructions by anticipating the data they will have to process, in order to gain speed. However, this technology carries risks when predictions fail, leaving a window of exploitation open to attackers.

The M2, A15 and more recent chips use a feature called LAP (Load Address Prediction), which predicts the memory address that the processor will access. FLOP, for its part, concerns more advanced models such as the M3 and A17, which have an additional feature called LVP (Load Value Prediction), capable of predicting the exact value of the data in memory. In theory, these features are designed to offer substantial speed gains. But in practice, they introduce flaws.

SLAP (Speculative Load Address Prediction) exploits the errors processors make when predicting memory addresses. By maliciously “training” the prediction algorithm, attackers can access sensitive data from other processes, even without physical access to the device. FLOP (False Load Output Prediction), on the other hand, directly targets the value of the data returned by memory. These two flaws make it possible to bypass the protections in place, such as browser sandboxing, a feature that is nonetheless essential to the security of Chrome and Safari.

In concrete terms, a malicious website can use SLAP or FLOP to steal private and sensitive information. Researchers have shown that a user visiting an infected page could have sensitive information stolen, such as their location history on Google Maps, their emails in Proton Mail or their iCloud calendar events. These flaws recall those of the Spectre and Meltdown type, which made their mark on the cybersecurity world in 2018.

SLAP and FLOP flaws: which devices are affected?

The majority of Apple’s recent devices are vulnerable to SLAP and FLOP. At-risk models include:

All MacBooks (Air and Pro) released since 2022
The Mac mini, iMac, Mac Studio and Mac Pro from 2023
The iPad Pro, Air and Mini released since September 2021
The iPhone 13, 14, 15, 16, and the 3rd generation iPhone

At issue are the M2, M3, A15, A16 and A17 processors that power these devices. These chips integrate prediction mechanisms for the memory address (LAP) and the value of the data (LVP), which are at the root of the flaws. The researchers explain that, when these predictions fail, they allow an attacker to manipulate the processor into leaking confidential information.

SLAP and FLOP are particularly worrying because they do not require physical access to the device to be used. It is enough to convince the user to visit a malicious web page. Once the machine has been infected, information such as browsing history, unencrypted messages or even banking data can be siphoned off.

However, no malicious exploitation of these flaws has been observed to date. Apple said there was no “immediate risk” for its users, while acknowledging the problem and promising to work on a fix. In the meantime, researchers recommend that users keep their devices up to date and be careful about the sites they visit.
